eclipselink
eclipselink copied to clipboard
eclipse-ee4j
Slow startup because of low entropy for PRNG
Describe the bug
b3607a78aae5e1a4c8824baeaa6e0e348965bffd changed JCEEncryptor to use SecureRandom.getInstanceStrong(). In OpenJDK on Unix systems this is NativePRNG.Blocking which will stall if the kernel does not provide enough entropy.
We've noticed this behaviour on our CI systems where EclipseLink 2.714 startup would stall the tests.
java.lang.Thread.State: RUNNABLE
at java.io.FileInputStream.readBytes([email protected]/Native Method)
at java.io.FileInputStream.read([email protected]/FileInputStream.java:279)
at java.io.FilterInputStream.read([email protected]/FilterInputStream.java:133)
at sun.security.provider.NativePRNG$RandomIO.readFully([email protected]/NativePRNG.java:424)
at sun.security.provider.NativePRNG$RandomIO.ensureBufferValid([email protected]/NativePRNG.java:526)
at sun.security.provider.NativePRNG$RandomIO.implNextBytes([email protected]/NativePRNG.java:545)
- locked <0x00000000fcca7318> (a java.lang.Object)
at sun.security.provider.NativePRNG$Blocking.engineNextBytes([email protected]/NativePRNG.java:268)
at java.security.SecureRandom.nextBytes([email protected]/SecureRandom.java:751)
at org.eclipse.persistence.internal.security.JCEEncryptor$Synergizer.getIvGCM(JCEEncryptor.java:243)
at org.eclipse.persistence.internal.security.JCEEncryptor$Synergizer.access$4(JCEEncryptor.java:235)
at org.eclipse.persistence.internal.security.JCEEncryptor.encryptPassword(JCEEncryptor.java:102)
- locked <0x00000000ff7ea7e8> (a org.eclipse.persistence.internal.security.JCEEncryptor)
at org.eclipse.persistence.sessions.DatasourceLogin.setPassword(DatasourceLogin.java:416)
at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.updateLogins(EntityManagerSetupImpl.java:2483)
at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.updateSession(EntityManagerSetupImpl.java:2806)
at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.deploy(EntityManagerSetupImpl.java:751)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryDelegate.getAbstractSession(EntityManagerFactoryDelegate.java:222)
- locked <0x00000000fcd757a8> (a org.eclipse.persistence.internal.jpa.EntityManagerFactoryDelegate)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryDelegate.createEntityManagerImpl(EntityManagerFactoryDelegate.java:330)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManagerImpl(EntityManagerFactoryImpl.java:350)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:313)
To Reproduce Steps/resources to reproduce the behavior:
- EclipseLink version 2.7.14
- Java/JDK version JDK8/11/17/21
Expected behavior The codepath should use the nonblocking PRNG to avoid a blocked startup because of low entropy.
